Currently, the number of devices that can be connected to one another for transmission of data continues to grow significantly. Such devices include, for example, modems, personal computers, telephones and smartphones, video cameras, external hard disks and the like. Both wireline and wireless technologies are used to transmit data between devices. One of the most widespread wireline methods is a connection between the devices using a universal serial bus (USB).
However, as the number of devices with a USB connection continues to increase, a number of shortcomings and problems with these types of connections have become apparent. For example, a composite USB device connected to a personal computer may be defined as one of several devices, such as data storage, a CD-ROM in which an installation disk is inserted, a keyboard, and the like. This configuration is of interest to hackers. In particular, a hacker can exploit the composite configuration of a device and use a customized microprogram to integrate his own device, which may carry out malicious actions (the BadUSB class of attacks; see, e.g., https://ru.wikipedia.org/wiki/BadUSB).
Thus, a hacker can, for example, use a flash drive to trick a user's personal computer into defining a new device of the “keyboard” type, through which malicious code can be loaded and executed.
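The composite-device scenario above can be checked from the defender's side by reading the interface descriptors a device reports at enumeration. The following is an added example, not part of the disclosed system or the original text; the baseline store, the device identifier format and the sample descriptors are assumptions constructed for illustration.

```python
# Added illustration: flag a USB device that mixes storage with HID or grows new interfaces.
# Class codes follow the USB specification; all sample data below is constructed.
MASS_STORAGE, HID = 0x08, 0x03
DT_CONFIG, DT_INTERFACE = 0x02, 0x04

def interfaces(config: bytes) -> set:
    """Walk a raw configuration descriptor; return {(class, subclass, protocol)}."""
    found, i = set(), 0
    while i + 2 <= len(config):
        length, dtype = config[i], config[i + 1]
        if length < 2 or i + length > len(config):
            raise ValueError(f"malformed descriptor at offset {i}")
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError(f"short interface descriptor at offset {i}")
            # bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol
            found.add(tuple(config[i + 5:i + 8]))
        i += length
    if i != len(config):
        raise ValueError("trailing bytes after last descriptor")
    return found

def anomalies(device_id: str, config: bytes, baseline: dict) -> list:
    """baseline (hypothetical store) maps device_id -> interfaces seen at first connection."""
    current = interfaces(config)
    classes = {cls for cls, _, _ in current}
    findings = []
    if MASS_STORAGE in classes and HID in classes:
        findings.append("storage device also exposes an HID interface")
    known = baseline.setdefault(device_id, current)  # first sighting becomes the baseline
    for cls, sub, proto in sorted(current - known):
        findings.append(f"new interface class=0x{cls:02x} sub=0x{sub:02x} proto=0x{proto:02x}")
    return findings

def _iface(num, cls, sub, proto):  # constructed 9-byte interface descriptor
    return bytes([9, DT_INTERFACE, num, 0, 0, cls, sub, proto, 0])

def _config(*ifaces):  # constructed configuration descriptor wrapping the interfaces
    total = 9 + sum(len(d) for d in ifaces)
    return bytes([9, DT_CONFIG, total & 0xFF, total >> 8, len(ifaces), 1, 0, 0x80, 50]) + b"".join(ifaces)

# A flash drive as first seen, then the same identifier reporting an extra boot keyboard.
FLASH = _config(_iface(0, MASS_STORAGE, 0x06, 0x50))
FLASH_PLUS_KBD = _config(_iface(0, MASS_STORAGE, 0x06, 0x50), _iface(1, HID, 0x01, 0x01))

if __name__ == "__main__":
    seen = {}
    print(anomalies("vid:pid:serial-placeholder", FLASH, seen))
    print(anomalies("vid:pid:serial-placeholder", FLASH_PLUS_KBD, seen))
```

The device identifier is only as trustworthy as the fields it is built from, since a modified device can report any vendor, product or serial values it likes.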
A number of existing solutions analyze connected devices. However, while these solutions analyze the connected devices and events, they make no mention of identifying anomalies caused by modified or corrupted external devices when such devices are connected to a computer system. Accordingly, the disclosed system and method make it possible to effectively solve the problem of detecting anomalies when external devices are connected to a computer system.